Every business or organization, large and small, has a responsibility to protect employee and customer information, and the centerpiece of that protection should be an information governance plan.

Businesses that have not yet developed their 2015 governance plan are taking a big risk because without an effective plan that has specified policies, protocols and processes, the business is almost inviting identity theft and data-breach exposures.

Your business creates, collects and stores new information every day. E-mail is one example, and the content of your e-mail is a big target for hackers and identity theft criminals.

The risk of your personal or business e-mail accounts being hacked is high, but the risk of all your data — such as employee, bank-account or health-care information — being stolen is even higher.

Information security and governance are problems that continue to challenge every size of business, as evidenced by data breaches making headlines.

So, what’s the answer? All of your data needs to be managed, and it needs to be secure. And it needs to be managed and secured by every employee and vendor that has access to your business information.

This can be done by “creating and implementing an annual information governance plan that establishes policies and procedures to ensure a company’s proprietary and sensitive information are protected from both cyber and physical loss,” according to Michael O’Shaughnessy, president of Guardian Pro, a Phoenix-based data governance company.

According to O’Shaughnessy, every small business should consider the following six components in their information governance plan:

— Cyber and physical security.

— Employee and contractor training.

— Procedural policy.

— Equipment and technology policy.

— Human-resource policy.

— Marketplace threat level.

Your written information governance plan should be reviewed and signed on an annual basis by every company employee (regardless of the size of the organization) to document and support your information security and governance best practices.

In talking with many small-business owners at speaking engagements or one-on-one, I see a significant gap on how small businesses protect their employee and customer data vs. the actions they take such as the creation and implementation of an information governance plan.

The costs of cybercrime and data breaches are doing serious damage to both the public and private sectors. Small businesses need to know and understand how to respond to state and federal breach notification laws and how to communicate with affected individuals, including their employees and customers.

Your information governance plan will help your business accomplish this while minimizing the potential for identity theft to your employees and customers.

Approximately 19.6 million Americans are employed by companies with fewer than 20 employees, and small businesses are at a greater risk of experiencing a data breach.

Mark’s most important: Your small business needs to complete and implement an information governance plan with a focus on employee education to ensure the enduring success of your business.

Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix. Reach him at markpribish@merchantsinfo.com.

This article was originally published on AZcentral.com and republished with the author’s permission.